Improved Digital Signature Suitable for Batch Verification
IEEE Transactions on Computers
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Short Signatures from the Weil Pairing
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Provably Secure Implicit Certificate Schemes
FC '01 Proceedings of the 5th International Conference on Financial Cryptography
Identification of Bad Signatures in Batches
PKC '00 Proceedings of the Third International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
An Identity-Based Signature from Gap Diffie-Hellman Groups
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Postal Revenue Collection in the Digital Age
FC '00 Proceedings of the 4th International Conference on Financial Cryptography
Efficient Identification of Bad Signatures in RSA-Type Batch Signature
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Batch Verification of Short Signatures
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Identification of Multiple Invalid Signatures in Pairing-Based Batched Signatures
Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
Practical Short Signature Batch Verification
CT-RSA '09 Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
Finding invalid signatures in pairing-based batches
Cryptography and Coding'07 Proceedings of the 11th IMA international conference on Cryptography and coding
Group testing and batch verification
ICITS'09 Proceedings of the 4th international conference on Information theoretic security
Batch verification with DSA-type digital signatures for ubiquitous computing
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
High security pairing-based cryptography revisited
ANTS'06 Proceedings of the 7th international conference on Algorithmic Number Theory
Batch verifications with ID-Based signatures
ICISC'04 Proceedings of the 7th international conference on Information Security and Cryptology
Proceedings of the 2012 ACM conference on Computer and communications security
| Hi-index | 0.00 |
This paper describes a new method in pairing-based signature schemes for identifying the invalid digital signatures in a batch after batch verification has failed. The method more efficiently identifies non-trivial numbers, w, of invalid signatures in constrained sized, N, batches than previously published methods, and does not require that the verifier possess detailed knowledge of w. Our method uses "divide-and-conquer" search to identify the invalid signatures within a batch, pruning the search tree to reduce the number of pairing computations required. The method prunes the search tree more rapidly than previously published techniques and thereby provides performance gains for batch sizes of interest. We are motivated by wireless systems where the verifier seeks to conserve computations or a related resource, such as energy, by using large batches. However, the batch size is constrained by how long the verifier can delay batch verification while accumulating signatures to verify. We compare the expected performance of our method (for a number of different signature schemes at varying security levels) for varying batch sizes and numbers of invalid signatures against earlier methods. We find that our new method provides the best performance for constrained batches, whenever the number of invalid signatures is less than half the batch size. We include recently published methods based on techniques from the group-testing literature in our analysis. Our new method consistently outperforms these group-testing based methods, and substantially reduces the cost ( 50%) when w ≤ N/4.